Hiding false positives, revoked credentials, etc.

Sometimes, Security for Confluence will find false positives, credentials which have already been revoked, etc. If this happens, you can review the finding. This marks the finding, as well as any other findings which exactly match it, as reviewed in the current and future scans.

In the Soteri Dashboard, reviewed findings are not counted towards the total finding count when determining if a space is secure.

Reviewing a finding from the Security Analysis

Click the Mark reviewed button on the finding you want to review.

This will open a confirmation dialog. Note that marking a finding as reviewed saves the exact string captured by the rule (in this case, fbkey ab048ad50ffa33959a242b1ecec6ed0b). That exact string will be marked as reviewed for all existing and future scans.

Once reviewed, the finding will disappear from the Security Analysis, but can be shown again with the “Show reviewed” toggle, where it can also be unmarked.

Note that reviewed findings are scoped to a space; that is, identical findings across multiple spaces must be reviewed separately.

Exporting Reviewed Findings

Information about reviewed false positives, such as who marked them reviewed and when, may be exported from the Security Analysis by clicking “Export Space” and then “Reviewed False Positives”.

Note that reviewed false positives are stored independently of any findings. In other words, after clicking “Mark Reviewed” on a finding, that text persists and marks all future matching results as reviewed, even if the original finding is deleted.

You can also export reviewed false positives in all your spaces from the Soteri Dashboard.